Securing Your Contract Links with One-time password(OTP) Authentication

In this article you will learn how to enhance the security of your contract links using One-Time Password (OTP) authentication

Securing Your Contract Links with OTP Authentication

In this article, we’ll walk you through how to enhance the security of your contract links using One-Time Password (OTP) authentication. This feature is designed to ensure that only authorized signatory for a counterparty can review and sign your contracts, adding an extra layer of protection to your sensitive documents.

What Is OTP Authentication?

OTP, or One-Time Password, is a security feature where a unique password is sent to the counterparty recipient’s email. This password must be entered to access the contract. This process ensures that only the designated recipient can review or sign the document.

How to Enable OTP Authentication

Setting Up OTP at the Workflow Level

  1. Navigate to Workflow Settings:
    1. Go to the Workflow Settings in your SpotDraft account.
      1. Manage → Workflow Manager → Workflow Settings

    2. Locate the Contract Link Preferences section.
  1. Enable OTP Verification:
    1. Find the toggle labeled One-time password verification.
    2. Turn on the toggle to activate OTP for all contract links generated from this workflow.
    3. By default, this toggle is off. Once enabled, it will apply to all future contracts created from this workflow once the workflow is published.
  1. Publishing the workflow: To make sure the changes apply to all future contracts created through that workflow, publish the workflow.


  • This setting applies only to links sent to counterparties. Your organization’s signatories will need to log in to SpotDraft to act on a contract.
  • OTP is not applicable for Express Templates or contracts created through Embedded Signing.

Awareness and Visibility

  • Contract Information: You can check if OTP verification is enabled for a specific contract directly in the Contract Information Section. Look for:
    • Counterparty Verification: Email-based OTP (if enabled)
    • Counterparty Verification: None (if not enabled)
  • Send Modal(For Template Contracts): To check if the Email-based OTP (One-Time Password) feature is enabled for a template contract, look for this option when you are sending the contract.
  • Review and Send(For Send for Review and Upload and Sign flow) : When preparing a contract for signing, you can view the 'Counterparty Verification' option in the 'Review and Send' step.
  • This feature helps you quickly confirm the security settings without digging through workflow settings.

What Happens for Counterparty Recipients?

When a counterparty recipient receives a contract link, they will follow these steps:

  1. Receive the OTP:
      • The recipient will get a 6-digit OTP sent to their registered email address as soon as they open the contract link.
  1. Enter the OTP:
      • Upon opening the link, they will see a banner prompting them to enter the OTP. They can easily copy and paste the OTP from their email into the provided field.
  1. Validate and Proceed:
      • After entering the OTP, the recipient can click on verify to validate it and proceed to review or sign the contract.
  1. Security Measures:
      • If a user enters an incorrect OTP, they will be informed of the remaining attempts. They have up to 5 attempts per hour to enter the correct OTP.
      • If they exhaust their attempts, they will need to wait an hour to try again.
      • For added security, OTPs can only be requested for resend once per minute.

Audit Trail and Activity Log

SpotDraft maintains a detailed audit trail that records the verification method used during contract signing. This ensures transparency and security for each transaction. Additionally, the information is also logged in the Activity Log.

Frequently Asked Questions (FAQs)

  1. Can I enable OTP for signing and review links separately?
      • Currently, OTP applies universally to all counterparty contract links in the workflow.
  1. What if I want to disable OTP for an already created contract?
      • If a contract has already been created with OTP enabled for the published workflow, you cannot disable OTP at the contract level. To disable OTP, turn off the toggle in the workflow settings and then create a new contract from that updated workflow.
Did this answer your question?